Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3677

owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer

    XMLWordPrintableJSON

    Details

    • Hadoop Flags:
      Reviewed

      Description

      Doesn't look like this impacts us (we don't use SocketServer) however we should figure out what to do as the owasp checker is failing and the rating is quite high (9.8 - bound to get interest)

      https://nvd.nist.gov/vuln/detail/CVE-2019-17571

      Perhaps ZOOKEEPER-2342 should be prioritized.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                eolivelli Enrico Olivelli
                Reporter:
                phunt Patrick D. Hunt
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m